An executive summary is presented below. Download our complete 12-page analysis:
Thanks to all who attended our first live conversation. A recording of the conversation is available for download from iTunes here. Please submit any questions to firstname.lastname@example.org.
IOTA is a digital currency project that aims to be the backbone of the internet of things (IoT). It is touted as having a “post-blockchain” architecture. While IOTA shares some similarities with many blockchain projects, its design does not include blocks or a single, linear chain. Instead, it is based on a concept called Directed Acyclic Graph (DAG). While IOTA is not a blockchain, its DAG is still a public, permissionless, distributed ledger. Because of its unique structure, it offers some advantages over traditional blockchains.
IOTA was first conceptualized in 2014 and later founded in 2015 by David Sønstebø, Sergey Ivancheglo, Dominik Schiener, and Dr. Serguei Popov. Several of the founders were working on a hardware startup with an IoT focus when they began to see the limitations of current options for IoT payments. They created IOTA as a solution to these problems.
The initial IOTA supply (2,779,530,283,277,761 IOTA) was distributed in a 2015 token sale that raised 1,337 BTC (~$584,000 at the time) for the development team. The IOTA supply is fixed, as there are neither mining rewards nor inflation. The project is currently developed and managed by a Berlin-based non-profit called the IOTA Foundation.
IOTA’s non-blockchain architecture gives it four distinguishing features.
- IOTA’s network structure should allow it to increase throughput as more nodes join the network.
- Zero Fees
- Transactions on the IOTA network do not incur fees.
- 1 MIOTA sent results in exactly 1 MIOTA received.
- In IOTA, users and validators are one in the same. There is no distinct set of miners or validators separate from users.
- In theory, this results in more decentralized validation.
- IOTA is designed from the ground up to be resistant to the threat of quantum computing.
IOTA aims to be the backbone for the financial system of the IoT. Additionally, it also has integrated other features like secure messaging and a data marketplace. These features are all part of the future machine economy envisioned by IOTA in which millions of machines exchange data and payments in real time. This could include anything from an electric car paying a charging station to weather sensors worldwide selling their data to scientists working on predicting weather patterns.
IOTA’s main feature that makes it suitable for the internet of things is its lack of payment fees. While there are many theoretical use cases for such a system, IOTA has not yet found a real product-market fit. The “use cases” section of the IOTA documentation is sparse and unspecific, saying “The primary focus area is obviously the Internet of Things, especially in areas such as Smart Cities, Infrastructure and Smart Grid, Supply Chain, Transportation and Mobility.” It is not clear whether any of these examples require a steady stream of payments instead of a single upfront payment or a “tab” that can be settled periodically.
In some cases, two parties that do not trust one another will not want to exchange payment upfront or at the end; sending a stream of payments could allow either party to back out of the transaction at any time without losing a significant amount of money. The total addressable market for low-value transactions that require a stream of payments rather than discrete payments is currently quite small and likely does not present enough of a hurdle to justify users’ switching costs.
It is possible that this market expands in the future as internet-connected sensors begin to sell data or as new business models like micropayment-enabled mesh networking gain traction. Even in those cases, IOTA will have to compete with layer-two blockchain solutions like Lightning Network, Raiden, and probabilistic micropayments, as well as other fee-less blockchains like EOS.
We have several major concerns with the implementation of IOTA that make us highly skeptical of its lofty claims.
- The IOTA Coordinator is Centralized
- The IOTA network currently relies on a centralized, closed-source “Coordinator” to protect it from attacks.
- The IOTA team has not given clear guidance on when and how this Coordinator will be removed.
- IOTA Requires Hardware Changes to IoT Devices
- In order for IOTA to reach its true potential, hardware changes will have to be implemented in IoT devices to allow them to transact on the IOTA network.
- This could easily become a chicken and egg problem; IOTA can’t grow to its full potential unless these hardware changes are made, and hardware companies won’t be incentivized to add this new hardware unless IOTA becomes the standard for IoT payments and data sharing.
- IOTA’s go-to-market strategy is dependent on its own success and there is no backup plan.
- The Network Has Experienced Downtime
- The IOTA network has been unusable many times, and has also experienced periods of downtime.
- The team has had to shut off the Coordinator due to bugs or attacks, rendering the network unusable.
- Github issues and Reddit comments show that this is a consistent problem for IOTA.
- This reinforces the issue of IOTA’s reliance on the Coordinator. It is also highly concerning because decentralized networks are designed to never go down and to not have single points of failure.
- Cryptography and Software Vulnerabilities
- Perhaps most concerning are the software vulnerabilities discovered by Neha Narula and her team at the Digital Currency Initiative at the MIT Media Lab.
- They discovered critical vulnerabilities in IOTA’s hash function; the team built this function from scratch, violating the “golden rule of crypto” — don’t roll your own cryptography.
- The team offered conflicting accounts of what happened before finally issuing their definitive response nearly six months later.
- They claimed that the vulnerability was known and intentional. They called it a “copy-protection” mechanism to discourage scam copies of IOTA. They claimed the Coordinator protected against the exploit, but this is impossible to verify, as the Coordinator is closed-source.
- In doing so, they knowingly allowed vulnerabilities to exist and violated the ethos of open-source software. The team has refused to disclose whether other known vulnerabilities exist.
The Directed Acyclic Graph (DAG) architecture presents an interesting, novel mechanism to organize a distributed ledger. While we don’t believe that DAGs make blockchains obsolete, they offer certain features and tradeoffs that may make them a better fit for certain kinds of decentralized applications. Like many technologies in the distributed ledger space, DAGs are in their infancy and remain largely untested. We look forward to seeing continued research into this sector in the future.
While IOTA was one of the first major projects to build a DAG instead of a blockchain, we find that the approach taken by the IOTA team presents many reasons to be highly concerned. While DAG-based systems may form an important part of the future of the crypto ecosystem, we have reservations about the DAG implementation of IOTA, as listed above.
We wish the IOTA team all the best and hope that they are able to execute on their vision, as it represents a compelling step forward for the economy of the IoT. However, given the current state of the IOTA network, the substantial technical risk, and the overwhelming evidence of serious flaws in the protocol, we believe that IOTA is sharply overvalued at current prices.
At the time of publication, IOTA’s market cap is $6,807,664,212, and it is ranked 11th in terms of total market cap.